package com.chenyun.gateway.security;//package com.chenyun.gateway.security;
//
//import cn.hutool.core.collection.CollectionUtil;
//import cn.hutool.core.convert.Convert;
//import cn.hutool.core.util.StrUtil;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.data.redis.core.RedisTemplate;
//import org.springframework.http.HttpMethod;
//import org.springframework.http.server.reactive.ServerHttpRequest;
//import org.springframework.security.authorization.AuthorizationDecision;
//import org.springframework.security.authorization.ReactiveAuthorizationManager;
//import org.springframework.security.core.Authentication;
//import org.springframework.security.core.GrantedAuthority;
//import org.springframework.security.web.server.authorization.AuthorizationContext;
//import org.springframework.stereotype.Component;
//import reactor.core.publisher.Mono;
//import java.net.URI;
//import java.util.List;
//
///**
// * 鉴权管理器  用于判断是否有资源的访问权限
// * 1:通过token解析出用户
// * 2:通过用户查询角色
// * 3:根据url查询redis中url对应的角色匹配
// *
// * @author: Lonni
// * @date: 2022/6/4 0004 22:05
// */
//@Component
//public class AuthorizationManager  implements ReactiveAuthorizationManager<AuthorizationContext> {
//    private final String RESOURCE_ROLES_MAP_KEY="gateway_resource";
//    //注意 oath2中角色是通过 ROLE_开头的
//    private  final  String AUTHORITY_PREFIX="ROLE_";
////    private final String ADMIN_PREFIX=AUTHORITY_PREFIX+"admin";
//private final String ADMIN_PREFIX="admin";
//    @Autowired
//    private RedisTemplate redisTemplate;
//
//
//    @Override
//    public Mono<AuthorizationDecision> check(Mono<Authentication> mono, AuthorizationContext authorizationContext) {
//        ServerHttpRequest request = authorizationContext.getExchange().getRequest();
//        if (request.getMethod() == HttpMethod.OPTIONS) { // 预检请求放行
//            return Mono.just(new AuthorizationDecision(true));
//        }
//        //从Redis中获取当前路径可访问角色列表
//        URI uri = authorizationContext.getExchange().getRequest().getURI();
//        Object obj = redisTemplate.opsForHash().get(  RESOURCE_ROLES_MAP_KEY, uri.getPath());
//
//        List<String> authorities = Convert.toList(String.class, obj);
////         authorities = authorities.stream().map(i -> i =AUTHORITY_PREFIX + i).collect(Collectors.toList());
//        //认证通过且角色匹配的用户可访问当前路径
//        List<String> finalAuthorities = authorities;
//        return mono
//                .filter(Authentication::isAuthenticated)
//                .flatMapIterable(Authentication::getAuthorities)
//                .map(GrantedAuthority::getAuthority)
//                .any(authority->{
//                    //如果是超级管理员 放行
//                    if (StrUtil.equals(ADMIN_PREFIX,authority)){
//                        return  true;
//                    }
//                    return CollectionUtil.isNotEmpty(finalAuthorities)&& finalAuthorities.contains(authority);
//                })
//                // 不需要角色就可以访问
//                //.any(role -> true)
//                .map(AuthorizationDecision::new)
//                .defaultIfEmpty(new AuthorizationDecision(false));
//
//    }
//
//
//}
